REST API

Thestructure of these files is simple; there are a list of endpoints that connect directly to the relevant controller method.

api.post('/api/account',use(accountController.create));

Each controller call is wrapped in a HOC (higher order component) called use. This is a middleware function that catches any errors in the controller methods, and then passes these to a global error handler – this prevents you from having to use try...catch in your application.

Protected Routes

You can protect any API route and make it accessible to only a specific user level using the auth.verify middleware method. You simply pass the user permission as a parameter.